The present invention relates to systems, computer-implemented methods and computer program products for supporting and/or implementing tamper detection of data such as data that is stored in a log of audit records.
Certain computing systems are known to generate and store a log of records that are used for auditing system functions and activities. In particular, each audit record captures information related to a corresponding event of interest to the computing system. Depending upon the particular implementation, an event of interest may comprise a positive action or a negative action (or lack of action when an action is anticipated) that is to be audited. As a few illustrative examples, an audit record may capture information identifying the status and/or performance of a particular transaction or transaction type, the execution (or lack thereof) of a system process or the occurrence of an activity or state within the system or component(s) thereof. Each audit record may also capture information such as the identity of the person or process that triggered the event, a time stamp corresponding to the event and/or other relevant information associated with the occurrence of the corresponding event itself. Moreover, the organization of the audit records into a corresponding audit log typically preserves the chronological order of the recorded events.
In general terms, the log of audit records allows an administrator to determine who has done what on which system component(s), application(s), etc., and when the audit-generating activity occurred. Accordingly, the value of an analysis, action or inaction based upon the information provided by a log of records is jeopardized if the log information has been tampered with, e.g., altered, modified, revised, edited, etc., whether by nefarious intent or other motive. For example, unauthorized modification, such as inserting or deleting records or altering the content of one or more audit records, can impact the reliability and usability of the audit log data for diagnosing a root cause of a problem, for discovering the identity of a user responsible for particular system activities, etc.